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ABSTRACT 

A network resource control system allows network users to communicate with network 
resource*, and includes a resource registry, an administration server, a proxy servers a driver 
server, and an authorization server. The resource registry includes resource records which are 
associated with the network resources and define a target address and a resource type for each 
network resource. The administration server is in communication with the resource registry 
and provides the resource administrators of each network resource with access to their 
respective resource records. The proxy server is in communication with the resource registry 
and facilitates data transfer between the network users and the network resources in 
accordance with the resource records. The driver server i ncl udes driver applications for the 
network resources. The authorization server is in communication with die resource registry 
and the driver server and provides the driver applications to the network users in accordance 
with the resource record. Each driver application includes a resource driver, a driver 
administrator, and a data transmitter. The resource driver facilitates communication of 
application data between a user application and target network resources. The resource driver 
includes a driver input for receiving the application data and a driver output for providing a 
translation of the application data. The driver administrator is in communication with the 
resource registry and configures the resource driver in accordance with the resource records 
associated with the target network resource. The data transmitter is in communication with 
the driver output and transmits the translated data to the target network resource. 



NETWORK RESOURCE CONTROL SYSTEM 



FIELD OF THE INVENTION 
5 The present invention relates to a method and system for network management system, 
in particular, the present invention relates to a method and system for controlling access 
to network resources. 

10 BACKGROUND OF THE INVENTION 

Local area networks are widely used as a mechanism for making available computer 
resources, such as file servers, scanners, and printers, to a multitude of computer users. It 
is often desirable with such networks to restrict user access to the computer resources in 
order to manage data traffic over the network and to prevent unauthorized use of the 

15 resources. Typically, resource access 1b restricted by defining access control lists for each 
network resource. However, as the control lists can only be defined by the network 
administrator, it is often difficult to manage data traffic at the resource level. 

Wide area networks, such as the Internet, have evolved as a mechanism for providing 

20 distributed computer resources without regard to physical geography. Recently, the IPP 
protocol has emerged as moans to control access to printing resources over the Internet, 
However, the IPP protocol is replete with deficiencies. First, as IPP-compliant printing 
devices are relatively rare, Internet printing is not readily available. Second, although Ihe 
IPP protocol allows user identification information to be transmitted to a target resource, 

25 access to EPP-compliant resources can only be changed on a per-reeource basis. This 
limitation can be particularly troublesome if the administrator is required to change 
permissions for a large number of resources. Third, users must have the correct resource 
driver and know the IPP address of fee target resource before communicating with the 
resource. Therefore, if the device type or the IPP address of the target resource changes, 

30 users must update the resource driver and/or the IPP address of the resource. Also, if a 
user wishes to communicate with a number of resources, the user must install and update 
the resource driver and IPP address for each resource as the properties of each resource 
changes. Fourth, access to IPP printers cannot be obtained without the resource 
administrator locating the resource outside the enterprise firewall, or without opening an 

35 access port through the enterprise firewall. Whereas the latter solution provides the 

resource administrator with the limited ability to restrict resource access, the necessity of 
opening an access port in the enterprise firewall exposes the enterprise network to the 
possibility of security breaches. 

40 Consequently, there remains a need for a network resource control solution which allows 
resource owners to easily and quickly control resource access, which is not hindered by 
changes in device type and resource network address, which facilitates simultaneous 
communication with a number of target resources, and which does not expose the 
enterprise network to a significant possibility of security breaches. 
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SUMMARY OF THE INVENTION 

According to the invention, Afire is provided a network resource control system and 
method system which addresses deficiencies of the prior art 

5 

The network resource control system, according to a first aspect of the present invention, 
allows network users to communicate with network resources, and comprises a resource 
registry, an administration server, and a proxy server. The resource registry includes 
resource records which are associated with the network resources and define a target 
10 address and a resource type for each network resource. The administration server is in 
communication with the resource registry and provides the resource administrators of 
each network resource with access to their respective resource records. The proxy server 
is in communication with the resource registry end facilitates data transfer between the 
network users and the network resources in accordance with the resource records. 

15 

The network resource control system, according to a second aspect of the present 
invention, allows network users to communicate with network resources, and comprises a 
resource registry, a driver server, and an authorization server. The resource registry 
includes resource records which are associated with the network resources and define & 
20 target address and a resource type for each network resource. The driver server includes 
driver applications for the network resources. The authorization server is in 
communication with the resource registry and the driver server and provides the driver 
applications to the network users in accordance with the resource records for facilitating 
data transfer between the network users and the network resources. 

25 

The network resource control system, according to a third aspect of the invention, allows 
network users to communicate with network resources bested behind an crrterprise 
firewall, and comprises a proxy server, and a polling server. The proxy server is located 
outside the enterprise firewall and receives application data fiom network users. The 
30 polling server is located behind the enterprise firewall and is configured to poll the proxy 
server for initialing transmission of the received application data fiom the proxy server to 
the polling server. 

The network resource control system, according to a fourth aspect of the present 
35 invention, is associated with a resource registry having resource records associated with 
network resources for allowing network users to communicate with the network 
resources, and comprising a resource driver, a driver administrator, and a data transmitter. 
The resource driver facilitates communication of application data between a user 
application and target network resources. The resource driver includes a driver input for 
40 receiving the application data and a driver output for providing a translation of the 
application data. The administrator Is in co^ 

configuration of the resource driver in accordance with the resource records associated 
with the target network resource. The data transmitter is in communication with the 
driver output for transmitting the translated data to the target network resource. 



CA 02299824 



10 



20 



30 



The network resource control method, according to a fifth aspect of the invention, 
facilitates coitrnmnioation between network users and network resources, and comprises 
the steps of: 

providing a resource registry including resource records associated with the 
network resources, the resource records including user access control data; 

receiving user access control data from administrators of the network resources 
for incorporation into the resource records; and 

depending upon the user access control data received, configuring the network 
users fbr communication with the network resources 



Tho network resource control method* according to a sixth aspect of the invention, 
facilitates communication between network users and network resources, and comprises 
the steps of: 

receiving a request from one of the network users far communication with a target 
15 one of the network resources; 

obtaining resource configuration data associated with the target one network 
resource; 

determining a user authorization for commiuncarion with the target one network 
resource; and 

depending upon the outcome of the user authorization itep« verifying a 
correspondence between the resource configuration data and user configuration data 
associated with the one network user. 



The network resource control method, according to a seventh aspect of the invention, 
25 facilitates communication between users of a network and resources in communication 
with the network, and comprises the steps of: 

providing a request from one of the network users for communication with a 
target one of the netwodc resources; 

receiving from the one network user application data for transmission to the target 
one network resource, and receiving resource network address data associated with the 
target one network resource over a ooinmunicarions channel secure from the one network 
user; and 

directing the application data over the network in accordance with received 
network address data. 

35 

The network resource control method, according to an eighth aspect of the invention, 
facilitates communication over a nctwoik between users of the network and network 
resources located behind an enterprise firewall, and comprises the steps ot 

polling a proxy server located outside the enterprise firewall for requests for 
40 communication with the network resources; 

receiving application data and associated network resource data from the proxy 
server m response to the poll step; and 

directing Ac application data to flic network resources in accordance with 
associated network resource data. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

The preferred embodiment of the invention will now be described, by way of example 
only, with reference to the drawings, in which: 

5 

Fig. 1 is a schematic representation of a network resource control system, according to 
the present invention, showing die resource registry, the administration server, the proxy 
server, the driver server, and the authorization server, and 

10 Fig. 2 is a schematic representation of a driver application for use with the present 

invention, showing the resource driver, the driver administrator, and the data transmitter. 



DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 
IS Turning to Fig. 1 , a network resource control system, denoted generally as 100, is shown 
comprising a resource registry 102, an administration server 104, an authorization server 
106, a number of network resources 108, and a number of network users 1 10. Preferably, 
each network resource 108 comprises a printing device, and the network resource control 
system controls access by the network users 110 and the printing devices. However, it 
20 should be understood at the outset that the invention is not limited to a network printing 
control system, and that the network resource 108 may comprise any of a variety of data 
commumcadon devices, including facsimile machines and image servers. 

The administration server 104* the authorization server 106 end the network resources 
25 1 08 are available by the network users 110 over a wide area network 112, such as the 
Internet The resource registry 102 comprises a resource database 1 1 4 which includes 
resource records associated with the network resources 108, and a driver database 1 1 6 
which includes resource drivers which allow user software applications to communicate 
with the network resources 1 08. 

30 

Each resource record identifies a target address, resource type and user access level fbr 
the associated network resource 108. Also, each resource record identifies a pseudo- 
name for the associated network resource 108 to identify the network resource to network 
users. Preferably, the pseudo-name is a network alias that identifies the physical location 
35 and properties of the network resource 1 08, but does not identify the network address of 
the resource 108. Further, although each network resource 108 may be defined with a 
unique pseudo-name, a group of network resources 108 may be defined with a common 
pseudo-name to allow communication with a group of network resources 108. 

40 Preferably, the user access level comprises one of a) "public access" in which any user 
110 of the network 112 can communicate with the target network resource 108, b) 
"private access" in which only members ofthe enterprise associated with tie target 
network resource 108 can communicate with the target network resource 108, and c) 
authorized aceau" in which only recognized users 1 10 can communicate with the target 
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network resource 108. Additional Monnalion/restrictiox^ may also be 

specified in addition to the foregoing predefined user access levels. For instance, hours 
of operation, dam handling capabilities, and resource pricing may also be specified. Also, 
reatricrions/pennissions nay be provided either on a per-user basis, or par-group basis, 

5 

The administration server 104 provides resourco administrators with access to the 
resource registry 102 to facilitate updating of the target address, resource type, user 
access level and infbzznafioxi^restrictions^emxissions identified in the resource records of 
the resource database 114. In the case of network resources 108 configured for 

1 0 authorized access, the administration server also allows the resource administrators to 
specify a resource name and password for each network resource 108. As will be 
appreciated, this mechanism allows flic resource administrator to make adjustments, such 
as to pricing and page limit, in response to demand for the network resources 108, and to 
make adjustments to restrictioDs/^ennisfiions/pa&swords to thwart unauthorized access to 

15 the network resources 108. 

Preferably, the administration server 104 provides controlled access to the resource 
database 114 so that the resource administrator of a particular network resource 108 is 
only allowed access to the resource records associated with the resource administrator's 
20 netwoxk resources 108. 

As discussed above, the driver database 1 16 includes resource drivers to allow user 
application software to communicate with the network resources 108. As shown in Fig. 
2, when a network user 1 10 is setup to communicate with a target network resource 108 

25 (to be described below), the network communication device of the network user 1 10 is 
configured with a driver application 200 comprising a resource driver 202 from the driver 
database 1 16, and a wrap-around driver layer 204. The wrap-around driver layer 204 
includes a front-end layer 206, an administrator layer 208, and a data transmitter layer 
210. The front-end layer 296 is in communication with the network user application 

30 software and the resource driver 202, and typically only passes application data fiom the 
application software to the resource driver 202. The administrator layer 208 
communicates with the resource registry 102 over the Internet 1 12 and the target network 
resources 1 08 to ensure that the driver application 200 is properly configured for 
communication with the target network resources 108. The data transmitter layer 210 is 

35 in communication with the resource driver 202 and is configured to transmit the data 
output from the resource driver 202 over the Internet 1 12 to the target network resources 



Hie authorization server 106 is in communication with the resource database 1 14 and the 
driver database 1 16 for providing the network users 110 with the wrap-around driver 
layer 204 and with the resource drivers 202 appropriate tbr the target network resources 
108. Preferably, the authorization server 106 is configured to provide the data transmitter 
layer 210 with the network address of the target network resource 108, over a 
co mmunicati ons channel secure from the network user 1 10 so that the network address of 
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the target network resource 108 is concealed from Did network user 110. In die case 
where the network 112 comprises the Internet, preferably the secure communications 
channel is established using SSL protocol 

5 Typically, each netwoik resource 108 comprises an IPP-complisnt printer. However, as 
discussed above, other data communication devices, such as facsimile machines, image 
servers and non-IPP-coxnpliant printers, may be used in addition to or in replacement oF 
an IPP-compliant printer. In the case where the network resource 108 comprises an IPP- 
compliant device, the network address of the network resource 108 comprises the 

10 netwoik resource IPP address* However, in the case where the netwoik resource 1 08 
comprises a non-EPP-compliant device and die network 1 12 comprises die Internet, 
preferably the network resource 1 08 is linked to the network 1 1 2 via a server, and die 
network address of the netwoik resource 108 is the TP address of the server. 

15 Typically each network user 1 10 communicates to the netwoik resources 108 using a 
communication device, such as a personal computer, linked to the netwoik 112. 
However, the network users 110 may also communicate to the network resources 108 
using other communications devices, such as wireless telephones, pagers or personal data 
assistants. 

20 

To facilitate communication with network resources 108 located within an enterprise* 118 
behind the enterprise firewall 120, as shown in Fig. 1, preferably the network resowte 
control system 100 also includes a proxy server 122 located outside the enterprise 
firewall 120, and a polling server 124 located behind the firewall 120 within the 
25 enterprise 118. Preferably, the proxy server 122 is located on-site at die enterprise 1 18, is 
provided with a network address corresponding to the enterprise 118. and includes a 
queue for receiving application data. However, the proxy server 122 may also be located 
off-site, and may be integrated with the authorization server 106 if desired. 

30 Typically the enterprise 118 includes a server 126 for communication with the network 
resources 108 located behind the firewall 122. The polling server 124 is in 
communication with the enterprise server 126 for communication with the network 
resources 108 located within tho enterprise 118 .The polling server 124 is configured to 
poll the proxy server 1 22 through the firewall 120 to deteamine whether application data 

35 is waiting in the queue of the proxy server 122. However, as will be ^predated, the 
proxy server 122 and the polling server 124 may be eliminated, if desired, and a port 
provided within the firewall 120 for communication with the netwoik resources 108 
located behind the firewall 120. 

40 Preferably, the network resource control system 100 also includes a transaction server 
128 and an archive server 130 accessible over the network 1 12 via the administration 
server 104. The transaction server 128 is in communication with the authorization server 
106 for keeping track of each communication request betwoen a network user 110 and a 
network resource 108. For each tranamfatoem, typically the transaction server 1 1 8 
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maintains records of the originator, recipient, data, time and file size of the transmission. 
The archive server 130 is configured to retain copies of the application data transmitted, 
for a specified period. The network user 1 10 may specify whether the tamsmittfiri 
application data is to be archived, and the archive period, during a user registration step, 
5 described below. 

Preferably, the administration server 104 provides controlled access to the transaction 
server 128 and the archive server 130 so that only the network users 110 which originated 
transmission of the application data is allowed access to any information associated with 
1 0 the transmission. 

To communicate with a network resource 1 08, preferably the network user 110 first 
selects a target network resource 108. and configures its computer for communication 
with the target network resource 1 08. The network user 1 10 may also register itself with 

15 the administration server 104, by specifying any required infotmati on, including the 
network user's name, physical address; and e-mail address. The network user may also 
sped fy that an e-mail notice should be sent to the network user 110 after a successful 
transmission of application data to the target network resource 108, and whether 
archiving of the application data is desired. However, the registration step is optional and 

20 may be dispensed with if desired. 

If no network resource 108 has been selected, the network user 110 queries die 
administration server 104, via its Internet browser, for a list of available network 
resources 108- The network user query may hi based upon any desired criteria, including 

25 print turn-around time and page size (where the target network resource 108 is a printer), 
price, and geography. In addition, the network user 110 may provide the administration 
server 104 with the geographical coordinates of the network user 1 10 in order to 
determine the network user's nearest network resources. The ability to specify the 
geographical coordinates of the network user 110 is particularly advantageous if the 

30 communication device of the network user 1 10 is a wireless telephone, pager or personal 
data assistant. In this latter variation, the administration server 104 may be provided with 
the network user's geographical coordinates through any suitable mechanism known to 
those skilled in tiie art; including latitude/longitude co-ordinates, GPS, and wireless 
triangulation. 

35 

Preferably, a network user 1 1 0 will only be provided a list of pseudo-names associated 
with each network resource 108 satisfying the ^'eTTatrd search criteria. Further, 
typically the pseudo-name list will only identify network resources 1 08 registered for 
public access. However, if the network user 1 10 identifies itself as a registered user by 
40 entering a usemaroe and password provided affile time of registration, the pseudo-name 
list will also identify network resources 108 which have been registered for authorized 
access and to which the network user 1 10 is authorized to commimlcate. Also, if the 
network user 110 is member of an entdprise 118, the pseudo-name list will also identify 
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network resources 108 whidi have beea repetciwdby theMteiprise 118 for private 
access. 

Upon receipt of the resource list, tbe network user 1 10 selects a target network resource 
5 108 irom tbe list. The administration server 104 then queries the network user's network 
communication device to determine whether the communication device has been 
configured with the appropriate resource driver 202 for communication with the target 
network resource 108 and, if not, prompts the network user 1 10 to download the 
necessary resource driver 202. 

10 

Once tbe network user 108 desires to communicate with a target network resource 108, 
the network user 110 transmits a communication request via its application software to 
the driver application 200. The front-end layer 206 of the driver application 200 receives 
the application data, end passes it to the resource driver 202 for processing. In addition, 
15 if the network user 1 10 has not previously selected a network resource 108, the front-end 
layer 206 contacts die administration server 104 over die Internet 112 and prompts the 
network user 1 10 to select a network resource 108, as described above. 

The front-end layer 206 also notifies the administrator layer 208 of the driver application 
20 200 of the print request The administrator layer 208 then provides die authorization 
server 106 with a request for printing to a target network resource 108. Topically, the 
administrator layer 208 provides the authorization server 106 with the pseudo-name 
associated with the target network resource 108, a network user identifier, and a resource 
driver configuration identifier. The authorization server 106 then queries the resource 
25 registry 102 with the pseudo-name of the target network resource 108 for die associated 
resource record. The authorization server 106 extracts the user access level ftom the 
resource record, and based on the network user identifier, determines whether the 
network user 110 is still authorized to communicate with the target network resourcel08- 
If the network user 110 is still authorized, the authorization server 106 then provides the 
30 administrator layer 208 with the network address of the target network resource 108. In 
the case of anetwodc resource 108 configured for authorized access, the authorization 
server 106 also provides the administrator layer 208 with the resource name and 
password associated with the network resource lib. 

35 The administrator layer 208 then queries the network resource 108 over the Internet 112, 
using die received network address, to determine whether the target network resow^ 108 
stiJl resides at the specified network address, is operational and is c^line. The 
authorization server 106 also extracts the resource type from die resource record, and 
based on the resource driver configuration identifier, determines whether tbe network 

40 user 1 1 0 is still configured for communication with the target network resource 110. If 
the network user 1 1 0 no longer has tho correct resource driver 202, the authorization 
server 106 queries the driver database 1 16 for the correct resource driver 202, and 
prompts the network user 1 10 to download the resource driver 202. This driver 
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configuration verification step may be performed concurrently or consecutively with the 
network address providing step described in the preceding paragraph. 

Meanwhile, the resource driver 202 translates the application data into a format suitable 
5 for use by the target network resource 1 08, and then passes the translated data to die data 
transmitter layer 210 of the driver application 200. Preferably, the data transmitter layer 
210 compresses and encrypts the translated application data upon receipt The data 
transmitter layer 210 also receives the network address of the target network resource 108 
ton the driver administrator layer 208, and transmits the compressed, encrypted data 
10 over the Internet 1 12 to the target network resource 108* 

If the resource administrator has defined die user access level of the target network 
resource 108 to allow public access to the network resource 108, preferably the target 
network resource 108 is accessible through a local server which serves to queue, decrypt 
15 and decompress die application data prior to transmission to the target network resource 
108. Alternately, the target network resource 108 itself may be configured for 
transmission over the Internet 112, such as an EPP-capablc printer, so that the target 
network resource 108 prints the application data directly. 

20 If the resource administrator has defined the user access level of the target network 

resource 108 to allow only private enterprise-based access to the network resource 108, 
the proxy server 122 located outside the enterprise firewall 120 receives the application 
data, and transfers the application data to the proxy server queue. The polling server 124 
located behind tbe enterprise firewall 120 periodically polls the proxy server 122 to 

25 determine the status of the queue. Upon reoeipt of a polling signal from the poDing 
server 124, the proxy server 122 transmits any queued application data from the proxy 
server queue, through the enterprise firewall 120, to the polling server 124. The polling 
server 124 then parses the network address associated with the received application data, 
and transmits the application to the appropriate server 126 or network resource 108 for 

30 processing. 

If tbe resource administrator has defined the user access level of the target network 
resource 1 08 to allow authorized access to the network resource 108, preferably the target 
network resource 1 08 is accessible through a local server which serves to queue, decrypt 
35 and decompress die application data, and extract the resource name and password 
transmitted along with the application data. The local server then transmits the 
application data to the appropriate network resource 108 if the received resource name 
and password arc valid. 

40 Regardless of the user class defined for a network resource 1 08, if the resource 

administrator relocates the target network resource 108 to another network address, 
and/or changes the device type and/or restrictions/peimiamons of the network resource 
1 08, the resource administrator need only update the resource record associated with the 
network resource 1 08 to fiicflitatn communication with the network resource 108. 

-9- 
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Subsequently, when a network user initiates communication with the network resource 
108 with the original pseudo-name* the authorization server 106 provides (he 
administrator layer 208 with the updated network address of the network resource 108, or 
prompts the user 1 10 to download the Appropriate resource driver 208, if the network user 
5 1 10 ia still authorised to communicate with the network re£Ource 1 08. 

In the case of network resource 108 configured for authorized access, if the resource 
administrator desires to change the device name and password associated with the 
network resource, the resource administrator need only update the device name and 

10 password provided an the resource record. Subsequently, when a network user 110 
initiates communication with the network resource 108 with the original pseudo-name, 
the authorization server 106 provides the administrator layer 208 with the updated 
resource name and password of the network resource 108, if the network user 1 10 is still 
authorized to communicate with the network resource 108. A network user 110 who is 

15 not authorized to communicate with the target network resource 108, will not receive the 
updated device name and password from the authorization server 1 06 and, consequently, 
will not be able to communicate with the target network resource 108, even if the user 
1 1 0 knew the network address for the target network resource 108. 

20 The following pages identify further details and benefits of the preferred embodiment 
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lOVERVIEW 



15 



A mechanism for easily identifying, controlling, and using personal contact 
information is disclosed. The first embodiment of this method is the support of remote 
printing devices available through the Internet or internal Intranets is disclosed. A Global 

5 Registry u used to control access to and catalog User contact information and Internet 
Printer Protocol ready printers as well as Proxy enabled standard printers. The invention 
uses the Global Registry to broker interactions between the users, their contact 
information, including the available printers. The invention includes the use of a wrapper 
layer of software around standard O/S print drivers to allow current application 

10 technology to be Internee print enabled The user of the invention is shielded from the 
complexity and risks of maintaining the current status of those wishing to contact them 
directly or by printing to a remote printer across the Internet. The providers of the 
remote printers are shielded from the risks of providing access to their printers and 
network resources. 



20 



2Global Registry 



The Global Registry is a central location on the Web that allows Users to register 
personal information, including physical location, phone numbers, cell phones, pagers, 
fazes, internet aware printers and other information. This registered information is 
protected by passwords, known only to the person registering the information 
(registrant). The registrant identifies a list of other registrants of the Global Registry that 
they grant access to, and what aspects, of their personal information that they grant that 
permission. This permission is also password controlled, and can be limited by {actors 
such as date, elapsed time or access count. The depth and type of information revealed to 
25 other registrants can also be controlled on an Individual basis. For Instance contact 
information granted to family members could be different from that granted to co- 
workers or customers. 

The registrant can update the contact information at the central registry whenever any 
aspect of their contact information changes. These changes are then automatically updated 
30 for the other registrants who have been granted access to this information, when they 
establish contact with the central registry. This gives the registrant a single location to 
update information, ensuring that those granted permission to contact them, can always 
get current information. 

The first implementation of the method disclosed, is the printerOn System, which is 
35 designed to manage and control contact to individuals and organizations through internet 
enabled printers and fax machines. This same method is applicable to other contact 
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information men is email addreasM, pager numbers, physical location, phone numbers 
and other information the registrant might wish to share. 



3printerOn Overview 



3,1 PrinterOn 

printerOn is the name of a system of Web based components and drivers that allow 
current, normal, commercially available Applications to gain controlled, protected 
printing across the Internet to remote printers. PrinterOn is a sample implementation of 
the Global Registry method. 

ig r 2 PrinterOn Main Consonants 

RfteytratiglB-Sglg • The Registration Server is a Web Server site that supports the 
registration of Printers and Users as well as the definition of User or Printer groups. It 
also provides a portal for the provision of advertisement information and sale of 
merchandise to the registered base of users for any sendees or products of interest to the 
IS users. 

N*HW StfTgr - The Name Server is a Web Server that supports the identification of 
the appropriate printer IP address for the use of the printerOn Driver and the validation 
of the User's privileges 

PrinterOn PHyey - The Driver is a Client Application that looks like a standard 
20 device driver that encapsulates the acniol printer driver on that O/S, and provides services 
to route the print stream to Internet Printers. 

PreffY SffYg - The Proxy Server is a Web Server that support! the spooling, 
encryption and compression of printer data streams to the appropriate printer IP address 
for the use of the printerOn IPP Print Server. 

25 ffiMPfatfegtf^ - The PrinterOn Global Print Registry is a repository for all 
of the registered Printers and Users that controls and grants permissions to the users of 
the sywem based on the PrinterOn printer settings. The Registry is based on a database 
model with the accompanying Active Server Pages controlling the transactions. 

3.3 PmnterOnRfgtstrattovSptvybr 
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The PrinterOn Registration Server supports the registration of bothprintcrs and users 
into the PrinterOn system. The registration of a user consists of entering information such 
as their Name, e-mail address, real address and the IP identification of their device. 



The Registration Server is the main Web interface between Users and the PrinterOn 
5 system. 

The registration of a printer, consists of identification of the wer defined Printer Alias 
Name, the IP address of the printer, the PrinterOn class of the printer (Public, 
Authenticated Public, or Private), and if the printer has been identified as Private, who 
is allowed to print to the registered printer. 

ifl.4 PrinterOn Name Server 

The PrinterOa Name Server provides several services to the PrinterOn System in 
direct communication with the PrinterOn Driver. 

In the normal printing process the Name Server would respond to a request for the 
address of the Printer Alias with a resolved IP address and DNS name for the printer, if 
15 it was available to that user. If they were a registered user they could see the Public and 
Authenticated Public printers in the Registry, filtered as they saw fit. The user could only 
get a response to a private printer if they were on the list of users associated with that 
private printer or had access to the printer account and password of the private printer. 

3,5 PrinterOn Drivers 
3*6.1 Global Print Driver 

The PrinterOn Global Print Driver is a code wrapper that encapsulates a Standard 
O/S Printer driver whh a layer that communicates through a standard Port to the Web. 
The driver supports the IPP standard protocol and the interaction with the Name Server. 

The Global Print Driver is composed of four parts, the Driver Control, the Port 
25 Monitor, the IPP printer communication and the IPP print server data stream control. 

The novel item is the implementation of a printer driver that passes information 
through to a Standard O/S Printer driver, while making use of communication with a 
Website. 

A method of controlling the processing or printing requests to a Windows 95, 98 or 
30 NT print driver by encapsulating a standard Windows print driver, with a layer that 
factions as a print driver at the interface, but, allows for control of the print data stream 
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being passed to -windows. This allows for additional processing of the data stream after it 
has been passed to the driver layer by any Windows application and also the addition of 
information or redirection of die print driver output from a local printing process to a 
remote IPP printer. 



3£.2 Universal Print Driver 

The PrinterOn Universal Print Driver adds a set of standard O/S Printer drivers built 
into the driver layer itself, that support the basic data streams for printing to a wide range 
of printing devices. The idea here is that the printer driver can not only handle control 
and permissions in a Web environment, but also support printing capabilities to a range 
10 of printers without the user needing to install driven for those printers locally by 
themselves. 

3-5 PrinterOn proxy Server 

The printerOn Proxy Server is die provision of IPP services to those users who do not 
wish to expose their IPP printers outside of a firewall, it also provides services to those 
IS who do not have IPP enable printers or servers, but, wish to receive prints over the 
Internet. 

The Proxy server has three components in the design of this subsystem. The first 
component is an add-on part of the PrinterOn Driver. This part allows for the 
compression and/ or encryption of a data stream in the pass-through printer component 
20 of the Global or Universal PrinterQn print drivers. 

The second component of the PrinterOn Proxy is a Web location associated with the 
printerOnjiet site that identifies a queue for the printerOn Proxy Printer. The queue is 
monitored by the printerOn Print Server and if data appears in the queue, the Server 
initiates a download of the data from behind the firewall, at the printer location. This 
25 solution means that Administrators can provide the services of an IPP printer without 
opening a port through the Firewall of their network. 

The third component of the printerOn Prosy is the printerOn Print Server that is 
located at the site of theProxy Printer. This server suppoixs the decryption and expansion 
of the data stream being spooled from the Proxy Queue and then passes this to the printer 
30 connected to the server. This means that data screams that are IPP compliant as well as 
others may serviced by printing devices that do support the IPP capabilities. 
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3.7 REGISTRY 

3.7.1 Global Print Driver Registry 

The Global Print Registry is the database of registered Printers and Users that 
comprise the printerOn system. The level of indirection provided by this registry 
5 allows for the insertion of many services and capabilities not supported by standard 
IPP printers or other Internet printing solutions. The we of both User and Printer 
Aliases means that the actual physical connection or the physical device behind that 
alias can be moved, reconfigured or changed without changing the appearance of the 
alias at the user level. The Administrator of the system can modify and *»*jw»aw* a 

1 0 distributed group of printers over the Internet, simply by accessing the single registry 
location. The use of the alias also ensures that the publication of the address on a 
website, business card or directory is a viable ahernative as the alias is controlled and 
mapped to the changing network underneath. Even physical location can be easily 
changed. This means that printing can work at the same virtual portal Style that users 

15 have come to expect from browser access to the Web. 

The use of printer IDs and user Ids in the system, in conjunction with passwords, 
means that the use of the internet printers can be controlled, and modified from the 
same central registry. 

20 



4printerOn Process Discussion 
4.1 REGISTERING A P^TISTTSR 
4.1.1 Registration of an IPP Printer 

25 PrinterOnasasystemis centered around the intemerprtHP>r TTnl^^anflardsystems 

that focus on the user and permissions PrinterOn is unique in that it is printer centric. 
The printer is given an identification and is registered in a central registry, with a level of 
security and if necessary, a list of users that may be granted permission by the printer 
itself, to use the printer. This is a unique level of active security to control the use of the 

30 printers. To accommodate this level of security, printers that have an IPP interface must 
be registered within the PrinterOn system. This registration is entirely in the control of 
the Administrator of the printer, both in initiating the registration and in tn a iti™; n jn C the 
nature and type of printer at that location. 
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The PrinterOn Printer Registration consists of fields such as: 

• The unique printer identification 

• The Organization and location 

• Printer's printerOn Alias 
5» The Printer's IP Address 

• The Printer's URL 

• PrinterOn printer type (public, public authenticated, private) 

• Pen Mapping Parameters for printerOn 
, • Printer Model and Make 

10 • Printer Driver URL 

• Administrator ID and Email 
m Administrator Password 



Once a printer has been registered, if it has been identified as a Private Printer, 
15 additional information on the Registrants that can locate and use that printer can be 
entered These Registrants must be registered users of the printerOn System -with entries 
in the Global Print Registry. Once the Registrants have been identified as having access 
to the Private Printer, then they can use this printer as any other printer. The access to 
the Private Printer can also be controlled by individual passwords for each of the 
20 Registrants. The major advantage of this system is that the printer Administrators can use 
the Global Print Registry to control access and use of Private Printers through a single 
central location- The only other alternative for control of access to IPP enabled printers 
is through password control on the individual IPP servers, which must be configured 
individually oncach of theservers locally. This gives Administrators the ability to control 
25 a geographically dispersed set of Private Printers quickly and easily. 

1 1.0.1 Registration of a Non-IPP Printer 
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If the user has a printer thai does not have an IFP Server or is not enabled with IPP 
technology, the printerOn system provides the ability to provide on IPP Proxy for 
connected printers. If the user registers a printer and identifies it as a non-IPP printer, the 
printerON.net site can provide a printing queue to store and process data transmitted 
across the internet. If users of the printerOn system print to that printer the Proxy 
services in the printerOn Print Driver are enabled and the data is known to be being 
transmitted to a non-IPP printer and is routed to the printerOn .net site. From there the 
data is queued and sent on to a printerOn Proxy print server located at the non-IPP 
printer's location. This Print Server then formats the data stream and forwards the 
information to the printer. 



Printer Groups 

The printerOnxom interface allows for the registration of a Group of Registered 
Printers. This Printer Group consists of a series ofprinters that have been registered in the 
Global Print Registry associated and given an Alias by the User. This grouping of 
Registered Printers gives the user of the system the ability to print to a set of IPP Printers 
simultaneously, through their standard printing interface. The user simply iA»H«j f fai the 
printerOn Printer Group as their printer in their application printing dialog, and the 
resultant print is sent to all of the Registered Printers in that group. 

If the Group of Registered Printers includes Fax locations, those faxes will be 
simultaneously sent along with the prints to the appropriate fax machine. This means that 
printers and faxes can be mixed within a single information exchange. If there are several 
fex locations, these can be touted to a rax distribution center for further forwarding to the 
actual fax devices. 



ilo.3 Registrant Groups 

The printerOnxom interface also allows for the registration of a Grouping of 
Registrants. This would enable work groups or company divisions to identify a group of 
people that could as a class, be granted access permission to a given Private Printer. 



PrinterOn Overview 
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The users of the printerOn system must register with the Global Print Registry to 
ensure that they can use the full features of the printcrOn system. Users log onto the 
printerQn.com webske and enter the User Registration information to ensure the 
printerOn system can recognize them and identify which printing capabilities are available 
to them. If Users do not register, then they can only use the Public Printers listed in the 
registry. Once the users hare registered they are considered to be Registrants in the 
printerOn system and can have access to Authenticated Public printers and those private 
printers that they have been granted access to- 

The data captured during the printerOn Registration of a User such as; 

10* A unique User Registrant identifier 

v A Registrant name 

• An address 

• A valid email address 

• An assigned Registrant password, emailed to the above address. 
15 « Default printerOn settings 

• A fax alias 

• Aphone number 
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8.1 PnsmiNTG a Printer 

8.1.1 When Printing 

5 When the user identifies chat they wish to print from an application using che 

printerOn driver, the cam either identify the printer from their favorites list, type in the 
Printer Alias or invoke the Search Browser to look for a printer in the Global Print 
Registry, 

Once the user has identified the printer ihsy wish to use, the printers characteristics 
10 are checked co determine if the user has a printer driver for that device, if the printer is 
online through an IPF status check and if the user has permission to print to thai device. 

If the user has the appropriate driver and permission, the printerOn Printer will 
become the default printer for that application and workstation, ready for printing. 

For Registrants of the printerOn system who wish to use advanced search techniques 
15 during a printing job searches can be done by available printer types, geographic location, 
delivery capability, job quality or by a reverse bidding process. This reverse bidding 
process consists of comparing Registered Printer capabilities and pricing with the 
Registrants request for services and providing the Registrant with a best fit solution. 

8.1.2 WhenOnunetoprinterOn.com 

20 When the user is accessing printerOn.com they have the ability to search for printers 
available to them, they can search either geographically, by printer model or by printer 
type and permissions. 

The user also has the ability to undertake the same or W™! ^t^ n g «w*ht»/p i« fo r 
printing resources that are available from the printerOn Driver interface. These can 
25 involve determination of the best price for a printing job, the closest geographic location, 
perhaps fastest delivery or closest match to the required capabilities. 

Once they have located a prinier, they can choose to add thU printer to their List of 
Favorites in the printerOn Driver, 

8.3 Printing a Don tmem^ 

-21- 



CA 02299824 



When the user is printing from an application, they can use the default selection or 
choose a new printer from their favorites or browse the printerOn.net website for a 
printer in the Global Print Registry. 

Once a printer has been identified the printer IP address is communicated in an 
5 encrypted message to the printerOn Driver and the user may print to this Remote Printer. 
When the print is initiated the printerOn driver will communicate with printerOn.net 
to ensure that the permissions and printer status and location are valid. 

If the response to the communication indicates that the printer has been changed, the 
printerOn driver will check the local system for an appropriate printer driver for the 

1 0 newly installed printer. If it is not available then the printerOn driver will request a copy 
of the appropriate driver from printerOn.net. If the primer driver is not available at die 
printerOn.net site, the printer Administrator will be notified and the Registrant will be 
asked to find a copy of the appropriate driver- If the driver is available, then the printerOn 
Driver will download it to the Registrants machine and continue with the printing 

15 request. 

The printerOn Driver then allows the data stream from the application to pass- 
through to the printer model device driver for processing. Once this is completed the 
p rinterOn driver th en gets the data stream from the driver and packages it up into an IPP 
data stream or a Proxy data stream for a non IPP printer. The IPP layer of the printerOn 
20 driver then initiates an IPP session with the actual remote printer confirms it's status and 
lends the dW The driver then in parallel, sends a transaction record to printerOn.net to 
record the printer usage and statistics such as number of pages, transmission time and 
other statistics for accounting and administration purposes, 



25 9IDENTIFIED VERTICAL MARKET APPLICATION FOR 

PrinterOn 

9.1 QVERVIEVQFAPPTTrAT| ftWS 

• Universal Use - The Universal use applications are those that are generally 
applicable to all printing applications. 

30 • Wireless Applications - The Wireless applications are those services and 
capabilities that enhance the use of wireless devices. Such as interactive pagers or 
cellphones 
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• Fax Substitution - The Far Substitution is the provision of services that will 
supplement or replace the normal fax transmission process. 

• IPP Server Enhancement - The IPP Server Enhancement applications are services 
and capabilities that expand the use and function of the IPP standard printers. 

5 « Reprographics - The Reprographics applications are those that enhance the 
commercial printing and services market 

5.1 Universal Use 



5.1.1 Hotel Guest Printing 

For business travelers who need printed data, but do not bring printers with them, 
10 hotels can register an IPP printer with priaterOn.net. When a guest arrives at the 
hotel, he or she can be assigned a valid printerOn userlD and password by a Printer 
Administrator at that Motel through the printerOn.com Website, that will allow 
access to the hotel printer for the duration of the guest's stay* printerOn will broker 
access to the printer in such a manner that it remains secure* printerOn can provide 
IS the hotel with the option of tracking printer usage for guest billing purposes. Guests 
can print from their rooms through dial-up internet connections using priaterOn.net, 
and pick up their output at the front desk. If they wish they can also print a cover page 
on each of their print jobs, identifying who the print is to go to. 

20 Once the guest has been registered with printerOn.com their access to the printer will 
be automatic for the duration of the configured access. He printerOn driver will 
substitute the password for the printer into the print request from the guest's 
application. The hotel can then get a record of the guest's printing activity for billing 
purposes. 
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5.1.2 White Pages 

printerOn.net will act u a search engine for IPP print addresses, olio-wing users to 
always locate the appropriate device even as servers and printers are being replaced or 
5 moved Organizations can update the parameters for registered printers at 

printcrOn.nct to minirmV disruptions, in service for those authorized to access their 
printers. This means that system administrators can reconfigure or replace physical 
printers, while retaining the permissions, passwords and Printer Aliases for the 
Registrants. The Registrants will not necessarily even be aware that the physical 
10 printer that they use has been changed. 

5.1.3 Distribution Groups 

printerOn allows the creation of a logical Printer Group, so that users can send a copy of 
a document to a number of people or printers in one step* By printing to the group, a 
15 copy of the printout is automatically duplicated by the printerOn Print Driver by 
recursively printing and sending to each device belonging to the group. The standard Print 
Driver needed to print to each member of the group will be detected and inserted as in the 
single device printerOn process. 

5.1 .4 Paid-For-Papers 

20 printerOmiet can broker physical prints of an organization's purchased reports 

directly to a consumer's output device, saving the rims and cost of shipping hardcopy 
versions. There is no intermediate, electronic form that may be copied, and the report 
is available immediately. 

The provider of the reports, can request the IP address of the customers printer, or ask 
25 that the customer register the prinfcer as Private, Then the provider can print to the 
printer, with a record of the transaction being, available to show delivery. 
If the person requesting the print wishes, they, can have the print stream information 
forwarded to a local printing shop to be picked up or forwarded. 

301.5 Print/Fax Archival 

For clients who require records of faxes or IPP prints, but lack document archival 
software, printerOn.net can host & copy of print jobs for a period of time. The prints 
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can be regenerated or retrieved on Remand by those with suitable password access. 
primerOn-net will abo work closely document management companies to provide 
similar capabilities for larger organization* with a higher degree of IT strategy. This 
capability can be supported by the printerOn system, because the printerOn driver is 
5 capable of producing multiple renditions of a single print request, one of which can be 
routed to an archival process. 

I 

5.1.6 follow-me Printer. 

i 

Registering with printerOn ensures that faxes or prints always reach recipients who 
1 o change their locations. Corporations can be certain that output will find traveling, 

former, or vacationing employees, and can also redirect prints for absent employees to 
suitable alternates. An individual registers a virtual IPP address with printerOn* This 
virtual IPF address is the one they pxpose to the world. As they change locations, as 
the Administrator of their printer, [they can visit the printerOn Web site and redirect 
15 their virtual IPP device to the JP address of the physical print device at their current 
location. ' 

I 

5.2 Wireless Appoca-Iion 

i 

i 

5.2.1 Printing Wmrires EMAIL 

20 For business travelers who recerveje^mail, printerOn will have integrated solutions 

with wifeless data services that allow the recipient to print a copy of the message on an 
IPP printer. The wireless user cad- specify the printer they want to uae, or can rely 
upon printerOn services to locate a suitable printer based upon geographic location 
and other requirements. Geographic location may be established by several means, 

25 including GPS, wireless cell triangulation, or manual entry. 

5.2.2 Obtaining EMAIL attachments 

E-mail attachments can be printeJ directly to'printers rather than opened in the 
programs they were created in. Wireless devices* such as Internet-enabled cell phones 

30 and wireless modems or pagers, can 'thus alert the user of a received attachment 

without needing to deliver the contents to the device. The business traveler can request 
that the e-mail be forwarded to prlnjcrOn.net with a request to output the message and 
attachment on a hardcopy primer- This hardcopy may be a fax ww^n* public, 
private or Virtual IPP printer. printerOn will also be able to obtain the geographic 

35 coordinates of a wireless device either from a GPS or cell phone locating service to 

i • 
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automatically route die prints to the nearest printer, or provide the user "with a List of 
nearest printers to choose from. 



5.3 FAX SUBSTITUTION 



553.1 Improved FAiflMG 

t 

printerOn.net can replace faxes, witb'tugh qualixy prints that retain fine details 
traditionally lost using fax machines. jAn IPP printer can be registered along with the 
fx* number(s) for which it is a substitute. Clients can cross-reference these fax 
numbers (which are commonly avaSl&ble) into* IPP print addresses to send high quality 
fax-equivalents to business partners' jjkrinterOn.net is capable of determining when a 
fax number does not have an IPP equivalent, and dropping into standard fax mode 
under these circumstances. .| 

If numerous real fax locations are identified, then faxes can be routed to a fax 
distribution center for forwarding.' 

5.4 IPP Server Enh ancIemen*^ 



5*4.1 IPPPRI^^ERA^AP^E^ 



printerOn can create virtual IPP printers for companies whose printers are nor IPP 
compliant, or who lack the expertrcjto set up an IPP device. Corporations receive an 
application that runs on their Winticws NT, 2000, or Linux print servers that allows a 
printer to behave at a virtual IPP printer when used in conjunction with 
printerOn.net. This application communicates with the printerOn Web site to 
convert IPP print requests from aqyikource into a print request for non-IPP printers. 



5.4.2 Pen Mapping! 



TueprkterOnDrivercreat^ 
to the Print Driver Interface to any) of several standard or custom definitions. This means 
that the color of the object* can bo mapped to other colors or grayscale, the thickness of 
lines can be mapped, the fill patterns used can be modified or mapped to color or grayscale 
fills. In theprinterOn system, beeausj* the driver knows the capability of the final printing 
device, the printerOn driver can automatically map the data input from the Application 
to an appropriate output stream firjjjchar printing device, without any modifications or 
intervention with the originating Application. If the printing device is a black and white 
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printer, colon can be mapped to grayscale fills ;or patterns. If the resolution of a printer 
is leas thou the original data, then filrganerns can be modified to accommodate the lower 
resolution* 
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IPP Firewall 




For companies with security eoncefds over "pushing" data through their firewalls, 
printerOn can expose a printer witbqjiit opening a port in the firewall. This is 
accomplished by an application on ^jjb company's server that "pons" the printerOn 
service to identify when a print reqpert has been made, h then pulls that data securely 
through the firewall, rather than aflojWiflg itt6be pushed through. 



5.4.4 



IPP Data 
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To decrease the use of expensive or^slow Internet bandwidth, printerOn offers a 
service/product combination that will oprinirff data transfer for IPP print 
applications. The printerOn drive * ten compress the print data stream before 
trananissjon. printerOn software to the receiving IPP server performs 
complementary decompression to ; provide the necessary print data to the printer. The 
printerOn driver will "handshake"; with the riant server to establish if this service is 
available on the printer, and automatically use fit when appropriate. 



5.4.5 IPP Data Qt 

To reduce printing bottlenecks cawa|a,by slow Internet connections or large print jobs> 
the printerOn Proxy provides a - JJb — J - — ^ * — ~ - — ■ - 
respond with a "ready" signal to 
will then queue the data and 
becomes available. 



5.4.6 IPP DNS 



For smaller organizations re m 
remote printer access), printerO; 




jce in which the printerOn.net Web site can 
r pne wanting to print to an IPP printer. printerOn 
trammissipn of the print request once the printer 



imain Ijlame Server support (a requirement lot 

process and reduce the cost of aqpostng IPP printers for the average company lacking 
the technical expertise or the fiwaf 1 *** 1 rationale for building a DNS. 



I! 
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5.4.7 Print Jdenih|< 

To provide some context for die ' 
text oa the primed document or 
destination of the document. This 
such as the time, date, who printed '£ 
document. 



if 
I 

! 

ih 

.TIOl* 

r 

& transacuon, printcxOn can either place header 
(uce a corcjir sheet to identify the source and 
it hcndfti| |or cover sheet can include information 
document, and who is expected to receive the 



5.4.8 



print Ai 



icati6n 



printerOn cm verify the amhen< 
key encryption, and other accej 
reliance on Conner and fax 
recipient of a print job is able to cb 
printerOn.net registry. Reprints ca 
for a period of time, and audit trail t 



5.4.9 



PRINTER ACO 



To help organizations monitor 
printerOn.net can record all printer 
Customized reports for auditing pj[ ir }i 
flagged, and o-mail notifications cm ' 
checking. 



of 



a pric resubmission through passwords, public 
mec h a nisms . This further reduces the 



i as a means of validating transactions. A 
; docum sat validity according to the 

^authenticated documents are retained 
i available permanently. 



coi si jmables 



5.4,10 Printer Use 

Critical documents can be printed: 
slow data transfer. The printerOn'! 
printerOn users to whom they wis 
a user that is identified as being hii 



anki 



track costs among departments, 

ictivity ty! user, account code, and printer, 
'oses can'be genera t ed, unusual print behaviors 
sent toj a designated contact when supplies need 



30 printer owner's configuration. 



5.4.11 Paper Size FbiTERiNls 

■ n i : 



jst, rather jthan be delayed by long print jobs or 
ftem allojws the printer owner to identify 
p give priority access. A print request from such 
Priority yill be given preference for next 
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servicing, or may even terminate ( >i fe-empt) die current print job depending upon the 

Diinter owner's confi*rn**ttirtn_ T |j '! 
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To ensure thai the correct paper ; 
owner p£ the registered printer < 
opposed to what page sizes are i 
are actually installed in the device, 
ensure that the user has constrainc 
condition from occurring. Alte 
the print job so that it fits on the 

Note that similar applications i 
and white printing, and folding (sea 



5.4,12 Automatic : 

printer On will ensure that the 
thereby prevent the user from 
Global Print Registry allows an] 
can install or use an appropriate p 
driver, the system will automatii 
the global registry database, either 
entirely block the print attempt. 



jbr the repqote printer is selected by users, the 
^iterOn what page sizes are valid (as 
s). Typically, these are the sires that 
. „ ~ m the printerOn driver, we will 
^election to a valid size to prevent this 
in can automatically scale (or resize) 



prinipgfrox] 




5.4.13 NOTIFICATION AND 





To eliminate uncertainty, prini 
successfully, and can inform the 
The system can be configured to 
notifications and receipts. T _ 
the physical location and URL 
for whom ft was printed. 
Upon completion of a print, the 
site to record the statistical data i< 
creating e-mail notifications and tt 
may request a receipt in the print 
a receipt if they have configured 
is generated if the user has ante: 
driver* A printer owner can co: 
notification, or receive notification 
requested 1 



media (paper, vellum, mylar etc), color/black 
' punches, fold type, etc). 



Dl jtVER Vaiidation 

?nd prii liter driver are compatible, and will 
ng inco; feet output. To guarantee this, the 
t6 search for a printer to discover its type, so they 
l c driver. ?jarthennore, if you use the printerOn 
check th ^currently selected print driver against 
provide aiwarning of incompatibility, or to 



RECEIPTS 



can assui e/the sender that the document printed 
ijii^nt that ii document has arrived at their printer. 
C wj or enfc mce the generation of print e-mail 
.these me {pages would contain information such as 
printer, |» number of pages, who printed it, and 

it snonitc rj!will interact with the printerOn audit 
cd to tie print job. The audit site is capable of 
: to meliorating this statistical data. The user 
fir user i&erface, or may choose to always obtain 
account appropriately. A redpiem notification 
-mail i Idress of the recipient in the print 
their a Jpount such that they always receive 
ijft the eve jjt that an explicit notification was not 
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To guarantee the long-term 
the freedom to change printer 
i logical printer. This alias 
printers, or server configuration 
shielded from configuration 
modify their environment witQOut|inpacuiig 



5.4.15 Printer Dem 

For companies concerned about 
inappropriate use of equipment, 
printerOn allows the printer o 
method is to restrict access to the 
provides a mechanism for tracking 
behavior. Another unique prim 
"denial" basis. Most access gram 
(printerOn supports this mode]} 
printer that says "anyone can use 
is important since IPP printers 
environment is no longer control 
large. 



ip Printer Naming 



while allowing printer owners 
allows owners to create an alias for 
to a host domain, servers, 
net and the printerOn driver are 
ter administrators the freedom to 
Jiiblished URL printer names. 




5,5 Reprographics 



5.5.1 



Large Foi 



cited information f spam") or the 
i, pornographic images, etc), 
block this type of behavior. One such 
registered printerOn users. This 
print users, which discourages poor 
the ability to grant access on a 
[dentify who is allowed to use a service 
a means of controlling access to a 
CEPT for the following users.,,*. This 
problem for printer administrators... the 
corporation). Rather, it is the world at 



9 



The printerOn driver can asscnil 
and apply the appropriate Prim 
the target printer. If the choke of j 
manufacturers control enviro; 
of Job Control codes to match 
intervention. 



5.5.2 



PRINTING- 



pIeon* haB Submission 

print jobs from the Application printing process 
>b Qontrc ifwrappert, depending on the nature of 

it location involves the use of a different printer 
then the! printerOn driver can use a different set 
output device, without user 
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Small print shops, can register a sedbfe public 
customers who lack the earipmentipr skills to 
customer can then obtain the hardc] 
would contact the Print Shop, who*! 
UserlD and Password. The custon 
desktops which interacts with prim 
access to the Print Shop IPP print 
expires. 

li 



5c63 



Print Forw. 



An application for the remote 
with good availability to the final 
printer. This means that documem 

establishment near a courier hub su^ 

hardcopy, without the necessity owidring up 
It would be printed and dbtributcrarom ^ ^ 




COu |e: 



The foregoing description is intended 
present invention. Those of ordinal 
and/or modiff cations to the deecsribe^ 
described Herein, ate encompassed 
the claims appended hereto. 



lio 



* printer with printerOuiet to serve 
at their specialized documents. The 
?m the print shop. The customer 
I use printerOn with a time limited 
; the printerOn driver on theb- 
aic and provide a temporary 
rint job is complete, the access 



|i product hardcopy output at a site 
& that d e s tinat ion does not have an IPP 
be 1 1 fjnted remotely to a printing 
:per can distribute the resultant 
i ike hardcopy and bringing into the hub* 



that Aib, 



be fltair fative of the preferred embodiment of too 
" may envisage certain additions, deletions 
J -'- . winch, although not explicitly 

scope of (he invention, as defined by 
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WE CLAIM: 



1. A network resource control systernj jj 
between network users and network resou ' 

a resource registry including resc 
the resource records defining a target < 
resource) 

an administration server in conunu 
administrators of each said network resoTirjcej with ; 
records; and 

a proxy server in ( 
transfer between the network users and i 
records. 



2. A network resource control 

between network users and network res< 
a resource registry including 

the resource records defining a target ai 

resource; 

a driver server including driver 
an authorization server in 

server for providing the driver appttcarjonjijj 




I0IUJ7 



resources, 

3. A network resource control j 
between network users and network J 
network printing system comprising: 

a proxy server provided outside 1 
for printing; and 

a polling server provided within 1 
polling the proxy server for initiating 1 
proxy server to the polling server. 



I communication over a network, 
printing system comprising; 
dated with the network resources, 
type for each said network 

the resource registry for providing 
to respective ones of the resource 

registry for facilitating data 
ources in accordance with the resource 



communication over a network, 
k printing system comprising: 
; ijjkociated with the network resources* 



records 



i and a rei lource type for each said network 

u ft) a the network resources; and 
ion wit 1 the resource registry and the driver 
i the network users in accordance with the 



resource records for facilitating data transf it between 1 he network users and the network 



jjorallowiS m communication over a network, 
locate* 1 jbehind an enterprise firewall, the 

i for receiving application data 

s polling server being configured for 
\ received application data from the 



4, A network resource control 
network printing system being associai 
associated with network resources for 
network resources over the network, the 
a resource driver for facilitating o 
application and target ones of the netwo: 




don over a network, the 
: registry including resource records 
l users to communicate with the 

Q system comprising: 

\\ik of application data between a user 
: resource driver including a driver 
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input for receiving the application data ami 
application data; 

a driver administrator in communii 
of the resource driver in accordance with 
network resources* and 

a data transmitter in mmnuinicario; 
translated data to the target one network 

5. A method for facilitating commi 
network resources, comprising the steps 

providing a resource registry Includ ag 



resources! the resource records including 
receiving user access control data 

incorporation into the resource records; 
in accordance with the user access 

communication with the network resour( 

6. A method for facilitating commi 
network resources, comprising the steps 

receiving a request from one of the 
of the network resources; 

obtaining resource configuration 

determining a user authorization fi 
resource; and 

in accordance with the user author 
resource configuration data and user co: 

7. A method for facilitating co 
network resources, comprising the i 

providing a request from one of 
one of the network resources; 

receiving from the one network us 
network resource, and receiving resource 
network resource over a communications 

directing the application data over 
address data. 

8. A method for facilitating comxnu 
network resources located behind an < 




for providing a translation of the 



C resource registry for configuration 
ords associated with the target one 

iver output far transmirring the 



network, between network users and 



records associated with the network 
access octroi data; 
admini r rators of the network resources for 



Dldat^ 



?rki 



ion, 



configuring the network users for 



ion ovaf ja network, between network users and 
u& its for communication with a target one 



with the target one network resource; 
ion with the target one network 

veil jing a correspondence between the 
da & associated with the one network user. 



a network, between network users and 

i ten for communication with a target 

n data far transmission to the target one 
data associated with the target one 
from the one network user; and 
in accordance with received network 



i network, between network users and 
L, comprising the steps of: 
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polling a prosy server located oui 
communication with the network reso 

receiving application data, and 
in response to the poll step; and 

directing the application data to 
network resource data. 




hheeni 



rise firewall for requests for 
netwJSilk, resource data from the proxy server 
ork b : lourees in accordance with associated 
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